
Advanced CIA firmware has been infecting Wi-Fi routers for years


Thread replies: 55
Thread images: 5

File: image01.jpg (63KB, 447x260px)
>Home routers from 10 manufacturers, including Linksys, DLink, and Belkin, can be turned into covert listening posts that allow the Central Intelligence Agency to monitor and manipulate incoming and outgoing traffic and infect connected devices. That's according to secret documents posted Thursday by WikiLeaks.
>CherryBlossom, as the implant is code-named, can be especially effective against targets using some D-Link-made DIR-130 and Linksys-manufactured WRT300N models because they can be remotely infected even when they use a strong administrative password. An exploit code-named Tomato can extract their passwords as long as a default feature known as universal plug and play remains on. Routers that are protected by a default or easily-guessed administrative password are, of course, trivial to infect.
>The 175-page CherryBlossom user guide describes a Linux-based operating system that can run on a broad range of routers. Once installed, CherryBlossom turns the device into a "FlyTrap" that beacons a CIA-controlled server known as a "CherryTree." The beacon includes device status and security information that the CherryTree logs to a database. In response, the CherryTree sends the infected device a "Mission" consisting of specific tasks tailored to the target. CIA operators can use a "CherryWeb" browser-based user interface to view Flytrap status and security information, plan new missions, view mission-related data, and perform system administration tasks.
>Missions can target connected users based on IPs, e-mail addresses, MAC addresses, chat user names, and VoIP numbers. Mission tasks can include copying all or only some of the traffic; copying e-mail addresses, chat user names, and VoIP numbers; invoking a feature known as "Windex," which redirects a user's browser that attempts to perform a drive-by malware attack; establishing a virtual private network connection that gives access to the local area network; and the proxying of all network connections.
>>
https://arstechnica.com/security/2017/06/advanced-cia-firmware-turns-home-routers-into-covert-listening-posts/
>>
Remember ransomware? So there's gonna be a lot of hackers bricking every router soon?
>>
>>60926256
Huge list, such wow!
https://wikileaks.org/vault7/document/WiFi_Devices/WiFi_Devices.pdf
>>
So now that basically all computers, be they routers, desktops, phones, smart TVs are backdoored, how long till 'dumb' stuff like Microwaves and toasters start spying?
>>
>you'll never work for these people and legally hack everything
life is suffering
>>
>>60926281
> how long till 'dumb' stuff like Microwaves and toasters start spying?
If NetBSD is working on them I have bad news for you.
>>
>>60926141
>15 year old routers

lmao
>>
>"as long as a default feature known as universal plug and play remains on."

UPnP isn't safe? haha no way dude.
>>
guess i should stop being lazy and stop using upnp then.
>>
>>60926294
I saw someone making a microwave work with a Raspberry Pi, so it's not too far from becoming a reality.
>>
File: 1491543732488.png (78KB, 816x690px)
hack this faggots
>>
>>60926281

You forgot printer.
>>
File: 1472913335066.jpg (172KB, 746x599px)
>>60926849
>implying
Please call your ISP and tell them nicely that your internet is down and the wifi light is off, then act computer illiterate.
Post yfw they reconfigure and restart your modem remotely.
>>
>>60928346
That only works if it's a router/modem provided and managed by the ISP.

I have some shitty D-Link as my router right now, and Comcast's website says it can't communicate with it.
Waiting on a 7200 VXR from work...
>>
https://www.openbsd.org/faq/pf/example1.html

Now is the time to get serious.
>>
File: Screenshot_2017-06-16-09-49-38.png (309KB, 1440x2560px)
>>60926141
Am I safe?
>>
>>60928423
>android
You were had a long time ago.
>>
>>60928423
no, you need to update.
>>
what about my netgear nighthawk
>>
>>60928385
No, it doesn't. Even if you buy your own modem, as soon as it's connected it pulls down firmware specific to your ISP which gives them access to it. Some places are automatic, some you have to call to let them know you have a new modem before you can use it.
>>
wtf I thought US were the good guys
>>
>>60928497
Your modem, sure, but what difference does it make if your ISP has access to your modem?

We're worried about the router here, unless you're some sort of pleb that uses a modem/router/switch/AP combo box.
>>
>>60928463
Done
>>
>>60928533
because the traffic at the ISP level can still be intercepted from there. Modems are nothing more than embedded linux devices that provide a back channel to the ISP. They could for instance run tcpdump on all your traffic.
>>
has the software been released yet? have a router out in canada at the moment with no way to get to it and i know it had upnp turned on, with extremely financially sensitive computers hooked up to it
i don't want to have to fucking catch a plane out there (i didn't want to set up remote access BECAUSE of security reasons and upnp is for printers)
>>
On my Linksys router, it would send the ISP password to you in plaintext if you were logged in. It would be just dots in the name field, but with a browser extension you could change that.
>>
>hidefags overreacting
*yawn*
These organizations have your best interests in mind. Think of them as omnipresent guardian angels.
>>
>>60928423
not really because you won't be able to update when they release 2.4. They're dropping i386 builds, x64 (and some ARM stuff) only.

https://forum.pfsense.org/index.php?topic=121255.0
>>
>>60928591

deception is the essence of warfare
>>
>>60928591
You're trolling but it's downright scary how many people are stupid enough to actually think like this.
>>
>>60928566
Generally the best practice is to assume that once the traffic leaves your router, it can be seen by anyone.
Anything sensitive should be encrypted. It's been widely known that the CIA/NSA/FBI can wiretap your connection for decades.

This is literally no different than the FBI man clipping onto your phone circuit at the CO in the 1960s.
>>
>>60928634
I agree.
>>
>>60928598
Oh, well luckily I have a 64bit tower sitting around.
>>
>>60926269
Yawn, kinda old devices, but we don't know if there's a new one/already embedded into router SoC.

>>60926849
WRT54 is unsafe, check out that PDF file. They could bypass it even with a strong password.
>>
>>60928571
if there's no way to get to it then how is a hacker going to exploit it
>>
>>60928656
OK. The real thing here is the CIA getting into your networking equipment, and then attacking your computers. Way different than just having the ability to monitor your connection, which should be assumed.

Maybe I'm a bit pessimistic, but what's not concerning to me is that these agencies have the ability to do these things. I would hope that with all the funding they get, they are able to produce results. What bothers me is the fact that all this shit has gotten stolen/leaked, which is both detrimental to our "cyber arsenal" and speaks about the internal security of these agencies.
>>
File: 5mPQjR9.gif (1MB, 331x197px)
>Disabling remote admin access is safe !

No it isn't.

https://fromsmash.com/5fd52965-52b6-11e7-81a7-0afbd0dc3e17
>>
>>60928771
I'm well aware of what the vulns are. My point is, so what? If they don't get your router they just FISA the ISP and you are never the wiser.
>>
>>60928571
The better question is why are you using consumer routers for critical business functions?

You should deploy some real Cisco/Juniper/Alcatel/Brocade gear out there, which will be much more reliable and allow for remote configuration via SSH.
>>
>>60928799
If they own your router, they can manipulate internal traffic and directly attack machines which would normally be protected by a firewall/NAT.

It's like the difference between someone reading a business' mail vs having a mole planted.
>>
>>60926308
The newer ones probably have built in backdoors.
>>
>>60928817
the better question is why anyone uses consumer routers for anything. Consumer routers generally run absolutely ancient shit that they slap a marketing-designed web interface onto, put into whatever shape of enclosure is trendy this year, and then ship out and never patch.

>>60928889
most of the ISP-provided ones do, so that Pajeet at the help desk can log into it remotely. This is in addition to the above problems.
>>
>>60928922
because the masses are stupid enough to not care about why something works as long as it works.
>>
>>60928771
>What bothers me is the fact that all this shit has gotten stolen/leaked
CIA niggers glow in the dark.
>>
>>60929164
what did he mean by this?
>>
>>60926294
Wtf I hate microwaves now
>>
>>60926269
No need to exploit the new routers, they come backdoored out the box.
>>
>>60926898
printers already are backdoored
>>
>>60928817
>You should deploy some real Cisco/Juniper/Alcatel/Brocade gear out there
Which by law all have NSA backdoors in them.
>>
>>60926285
Says you. They SEEK OUT TALENT. If you see no future there, you either fucked up too much, or you need to git gud
>>
Are you kids really dumb enough to not realize there is an entire contractor industry for selling 0day to the government?
This has been going on for decades
>>
>>60926285
boi
>join USAF as 3D series
>get gud
>cross train into 1B4
>bust your ass at 1B4 school
>get top scores
>go do OCO at Ft. Meade
>get out of the USAF when your contract is up
>immediately get picked up by NSA

It's like Top Gun, except you don't even have to be an officer.
>>
>>60933478
Are you seriously trying to argue that a Cisco device is worse than a bestbuy router because the NSA was snatching overseas shipments and loading bugged IOSes onto them?

You could use mikrotik gear and hope it doesn't shit out on you.

I'd love to hear that pitched to business execs...
>Yeah, we can't use Cisco gear anymore because there's a small possibility that the NSA targeted us and has hacked it. We should stick with this best buy router which has woefully poor performance and security.
>>
>>60926285
They were constantly recruiting at my school. I decided to go into private sector instead so I didn't bother trying to start the process.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.